Route Origin Authorization
$ rpki-client -vvf rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/BFFF6C4A07D911EDA41A0B25C4F9AE02.roa
File: BFFF6C4A07D911EDA41A0B25C4F9AE02.roa (raw, json)
Hash identifier: GP/xk9klfhzGUqC9zVSgLsFcoj/SNA7QNKZizL06GJY=
Subject key identifier: E3:0B:1D:0C:23:AE:AE:71:87:14:E8:3B:72:D2:8F:A0:5E:3F:17:FD
Certificate issuer: /CN=A9145D25/serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
Certificate serial: 05A9
Authority key identifier: C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
Subject info access: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/BFFF6C4A07D911EDA41A0B25C4F9AE02.roa
Signing time: Thu 25 Sep 2025 02:58:31 +0000
ROA not before: Thu 25 Sep 2025 02:58:31 +0000
ROA not after: Tue 01 Dec 2026 00:00:00 +0000
asID: 135074
IP address blocks: 103.135.208.0/22 maxlen: 22
103.135.208.0/24 maxlen: 24
103.135.209.0/24 maxlen: 24
103.135.210.0/24 maxlen: 24
103.135.211.0/24 maxlen: 24
103.172.110.0/23 maxlen: 24
103.204.13.0/24 maxlen: 24
203.168.128.0/22 maxlen: 22
203.168.128.0/24 maxlen: 24
203.168.129.0/24 maxlen: 24
203.168.130.0/24 maxlen: 24
203.168.131.0/24 maxlen: 24
203.168.192.0/24 maxlen: 24
203.168.193.0/24 maxlen: 24
203.168.194.0/24 maxlen: 24
203.168.195.0/24 maxlen: 24
203.168.196.0/24 maxlen: 24
203.168.197.0/24 maxlen: 24
203.168.198.0/24 maxlen: 24
203.168.199.0/24 maxlen: 24
203.168.200.0/24 maxlen: 24
203.168.201.0/24 maxlen: 24
203.168.202.0/24 maxlen: 24
203.168.203.0/24 maxlen: 24
203.168.204.0/24 maxlen: 24
203.168.205.0/24 maxlen: 24
203.168.206.0/24 maxlen: 24
203.168.207.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl
rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sun 26 Oct 2025 01:09:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1449 (0x5a9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A9145D25, serialNumber=C2F28E9D188439C4FE69F63A4CAA6DA42496291D
Validity
Not Before: Sep 25 02:58:31 2025 GMT
Not After : Dec 1 00:00:00 2026 GMT
Subject: CN=68d4afd6-2553
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:af:87:1f:66:f4:f2:90:9b:df:d9:ab:97:72:
04:0b:44:d3:cf:80:23:0c:a5:56:db:86:1d:71:5d:
e1:ed:40:e3:74:78:b0:c0:6c:8c:ab:23:3e:db:91:
18:f9:d8:9c:04:27:e1:a2:6d:f8:55:e8:d7:ea:dc:
77:9b:f3:23:d1:a7:dc:8e:8d:46:41:d4:01:6d:c0:
68:79:57:b5:4c:5b:56:83:37:41:c8:bf:c8:ec:26:
d9:4b:21:05:37:fd:1b:99:65:44:0e:65:20:67:ac:
5e:72:8b:51:d8:24:b9:8c:9e:f6:90:7b:e9:02:14:
9c:ea:64:f2:66:92:7f:82:99:61:92:ba:eb:37:10:
38:13:2b:ed:ce:cc:30:c1:ce:4c:d0:13:e3:a5:8d:
cf:9e:b9:bc:23:80:f2:1b:d8:79:07:ff:6c:8b:54:
d8:21:03:7b:c1:5a:3f:15:13:5e:09:46:27:51:c0:
34:f7:ea:d3:76:c6:5c:a2:83:b6:33:3c:29:eb:c8:
00:ef:b6:92:cc:dc:86:2a:4c:e1:fa:48:32:07:45:
32:42:fc:f3:ee:57:d3:40:a4:76:dc:06:0f:a4:9e:
8b:4f:f0:78:01:3a:28:ce:51:6f:2a:30:d2:97:1d:
f3:b1:91:c9:f5:a9:f6:9d:da:fa:60:6f:c3:c7:63:
d8:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:0B:1D:0C:23:AE:AE:71:87:14:E8:3B:72:D2:8F:A0:5E:3F:17:FD
X509v3 Authority Key Identifier:
keyid:C2:F2:8E:9D:18:84:39:C4:FE:69:F6:3A:4C:AA:6D:A4:24:96:29:1D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/wvKOnRiEOcT-afY6TKptpCSWKR0.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wvKOnRiEOcT-afY6TKptpCSWKR0.cer
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.apnic.net/RPKI/CPS.pdf
Subject Information Access:
Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9145D25/67F2B0D80BD211ECBAA4806AC4F9AE02/BFFF6C4A07D911EDA41A0B25C4F9AE02.roa
RPKI Notify - URI:https://rrdp.apnic.net/notification.xml
sbgp-ipAddrBlock: critical
IPv4:
103.135.208.0/22
103.172.110.0/23
103.204.13.0/24
203.168.128.0/22
203.168.192.0/20
Signature Algorithm: sha256WithRSAEncryption
2c:65:87:67:7f:ce:aa:f2:ed:67:ef:2e:91:23:eb:13:76:ca:
44:f0:fd:26:50:4a:6d:3d:66:cf:65:35:cd:9a:de:95:95:06:
a6:32:4b:9c:60:c0:85:bf:c2:50:ca:f8:28:12:e7:98:68:1d:
f7:c8:36:73:fa:0b:27:50:74:bf:42:52:bf:e5:6e:f3:6e:45:
da:83:94:5d:91:8d:a8:b0:97:19:ab:81:1d:48:9b:21:72:7d:
8b:e9:e0:ae:14:c5:6f:88:54:f2:fc:7a:85:24:db:50:ff:12:
d1:31:2b:25:c8:7c:e9:31:88:64:69:16:58:85:96:83:97:83:
9d:45:bf:01:01:43:92:b7:39:fc:69:f3:a0:b4:33:42:dc:e5:
82:7a:23:ad:8c:ab:59:e0:bb:ce:93:bf:76:37:2b:f9:63:aa:
63:27:4e:67:eb:0f:e9:b4:52:bb:14:50:69:96:6a:de:fa:a7:
ef:46:69:60:6d:5f:69:64:40:89:61:88:50:fa:ae:d6:44:e8:
4b:f7:7a:22:82:25:ee:ec:51:0f:03:c9:fb:72:0f:d1:17:59:
4b:ef:a2:13:88:ab:28:72:05:4c:36:32:d7:a2:7f:6a:fd:9c:
f5:34:64:f1:b2:06:d9:2b:75:36:2c:1c:d4:5e:a6:25:bd:f6:
55:77:84:3f
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICBakwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDVEMjUxMTAvBgNVBAUTKEMyRjI4RTlEMTg4NDM5QzRGRTY5RjYzQTRDQUE2REE0
MjQ5NjI5MUQwHhcNMjUwOTI1MDI1ODMxWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGQ0YWZkNi0yNTUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxK+HH2b08pCb39mrl3IEC0TTz4AjDKVW24YdcV3h7UDjdHiwwGyMqyM+25EY
+dicBCfhom34VejX6tx3m/Mj0afcjo1GQdQBbcBoeVe1TFtWgzdByL/I7CbZSyEF
N/0bmWVEDmUgZ6xecotR2CS5jJ72kHvpAhSc6mTyZpJ/gplhkrrrNxA4Eyvtzsww
wc5M0BPjpY3Pnrm8I4DyG9h5B/9si1TYIQN7wVo/FRNeCUYnUcA09+rTdsZcooO2
Mzwp68gA77aSzNyGKkzh+kgyB0UyQvzz7lfTQKR23AYPpJ6LT/B4AToozlFvKjDS
lx3zsZHJ9an2ndr6YG/Dx2PYzwIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFOMLHQwj
rq5xhxToO3LSj6BePxf9MB8GA1UdIwQYMBaAFMLyjp0YhDnE/mn2OkyqbaQklikd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NUQyNS82N0YyQjBEODBC
RDIxMUVDQkFBNDgwNkFDNEY5QUUwMi93dktPblJpRU9jVC1hZlk2VEtwdHBDU1dL
UjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3d2S09uUmlFT2NULWFmWTZUS3B0cENTV0tSMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDVEMjUvNjdGMkIwRDgwQkQyMTFFQ0JBQTQ4MDZBQzRGOUFFMDIvQkZGRjZDNEEw
N0Q5MTFFREE0MUEwQjI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAJnh9ADBAFnrG4DBABnzA0DBALLqIADBATLqMAwDQYJKoZI
hvcNAQELBQADggEBACxlh2d/zqry7WfvLpEj6xN2ykTw/SZQSm09Zs9lNc2a3pWV
BqYyS5xgwIW/wlDK+CgS55hoHffINnP6CydQdL9CUr/lbvNuRdqDlF2Rjaiwlxmr
gR1ImyFyfYvp4K4UxW+IVPL8eoUk21D/EtExKyXIfOkxiGRpFliFloOXg51FvwEB
Q5K3Ofxp86C0M0Lc5YJ6I62Mq1ngu86Tv3Y3K/ljqmMnTmfrD+m0UrsUUGmWat76
p+9GaWBtX2lkQIlhiFD6rtZE6Ev3eiKCJe7sUQ8DyftyD9EXWUvvohOIqyhyBUw2
Mteif2r9nPU0ZPGyBtkrdTYsHNRepiW99lV3hD8=
-----END CERTIFICATE-----
Generated at Mon Oct 20 11:35:56 2025 by rpki-client